Earlier we reported that toy maker VTech had been hacked and over 5 million accounts were affected as well as 200,000+ children. Now we’re learning that the VTech hacker was also able to get headshots and chatlogs from children’s accounts and even more information than originally reported. Audio clips of children’s voices were also discovered and the hacker claims most everything was stored on VTech servers unsecured. The hacker in question remains anonymous but claims to be a white hat hacker but that doesn’t mean black hat hackers haven’t gotten to this same information.
Over the weekend, the hacker, who asked to remain anonymous, told me that VTech left other sensitive data exposed on its servers, including kids’ photos and chat logs between children and parents. This data is from the company’s Kid Connect, a service that allows parents using a smartphone app to chat with their kids using a VTech tablet. In online tutorials, the company encourages parents and kids to take headshots and use them in their apps.
“I can get a random Kid Connect account, look through the dump, link them to their circle of friends, and the parent who registered at Learning Lodge [VTech’s app store],” the hacker told Motherboard. “I have the personal information of the parent and the profile pictures, emails, [Kid Connect] passwords, nicknames… of everyone in their Kid Connect contacts list.”
VTech has taken down its Learning Lodge website along with a dozen other sites that work alongside its interactive toys and is still investigating. The company has setup email addresses for the public to contact them should they have questions but I’m sure they’re probably backlogged already. The website Motherboard has posted some of the content the hacker uncovered and you can view that on their website.
Are you a parent who’s child was affected? Let us know in the comments below, or on Google+, Twitter, or Facebook.Source: Motherboard